package com.uwo.house.config;

import com.uwo.house.kits.EncryptKits;
import org.apache.log4j.Logger;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.credential.CredentialsMatcher;

import java.security.MessageDigest;

/**
 * Created by yanhao on 2017/6/16.
 */
public class JWTCredentialsMatcher implements CredentialsMatcher {

    private final Logger log = Logger.getLogger(JWTCredentialsMatcher.class);

    public boolean doCredentialsMatch(AuthenticationToken authenticationToken, AuthenticationInfo authenticationInfo) {
        JWTAuthenticationToken token = (JWTAuthenticationToken) authenticationToken;
        SimpleAuthenticationInfo simpleAuthenticationInfo = (SimpleAuthenticationInfo)authenticationInfo;
        // 获取salt
        String salt = new String(simpleAuthenticationInfo.getCredentialsSalt().getBytes());
        // 给请求密码加密 加密格式 md5(md5($pass).$salt);
        String password = EncryptKits.Md5(EncryptKits.Md5(new String(token.getCredentials().toString())).toLowerCase() + salt).toLowerCase();
        // 验证密码是否正确
        return (password.equalsIgnoreCase(authenticationInfo.getCredentials().toString()));
    }

}
